Security of httpd (url string exploit?)

January 6, 2013 3.1k views
Hi. Logwatch on my CentOS VPS reported the following: --------------------- httpd Begin ------------------------ A total of 1 sites probed the server A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP Response 200 ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ vsftpd: Unknown Entries: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Administrator rhost= : 105 Time(s) check pass; user unknown: 105 Time(s) ---------------------- pam_unix End ------------------------- Is this serious? What should I do next? Thanks
1 Answer
It is quite common to have remote users attempt to exploit any server that is on a public IP address.

If you follow our default setup instructions you should not have any issue with this.

Additionally the /etc/passwd file does not have any hashed passwords which are instead stored in your shadow file.
Have another answer? Share your knowledge.